Linux Distros Unpatched Vulnerability : CVE-2026-47784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpas...
Fedora 44 : rustup (2026-fc7afe14b7)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fc7afe14b7 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021598)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021598 advisory. In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ar...
Oracle Linux 7 : giflib (ELSA-2026-8883)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8883 advisory. 4.1.6-9.0.3 - Security update for CVE-2026-23868 Orabug: 39230174 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 9 : thunderbird (RHSA-2026:19348)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19348 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Fedora 44 : python-dotenv (2026-79e64d2daa)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-79e64d2daa advisory. Update to 1.2.2, security fix for CVE-2026-28684. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 43 : kernel (2026-5e5a0f9621)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5e5a0f9621 advisory. The 7.0.7 stable kernel update contains a number of important fixes across the tree. It also patches up a vulnerable codepath for fragnesia that was not in t...
RHEL 7 : firefox (RHSA-2026:19704)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19704 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021535)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021535 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add When calling kobject_add failed in device_add, it will...
Linux Distros Unpatched Vulnerability : CVE-2026-33603
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to...
Fedora 44 : strongswan (2026-cc6fcd3a58)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cc6fcd3a58 advisory. Fixes CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334 Tenable has...
Linux Distros Unpatched Vulnerability : CVE-2026-9064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP...
Fedora 44 : rust-podman-sequoia / rust-rpm-sequoia / etc (2026-5619c60e85)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-5619c60e85 advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...
RHEL 9 : glib2 (RHSA-2026:19457)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19457 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in...
Debian dla-4592 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4592 advisory. Debian LTS Advisory DLA-4592-1...
Fedora 44 : rust-nu (2026-6de0476940)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6de0476940 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...
Fedora 43 : rsync (2026-d4d8ae2bdc)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d4d8ae2bdc advisory. Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but ...
Splunk Enterprise 9.3.0 < 9.3.12, 9.4.0 < 9.4.11, 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0504)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0504 advisory. - In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1,...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021554)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021554 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4_evict_inode' Syzbot found the following issue:...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021646)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021646 advisory. In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many usually...
Linux Distros Unpatched Vulnerability : CVE-2026-43620
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to...
Fedora 45 : ansible / ansible-core (2026-a8a5f6b41b)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-a8a5f6b41b advisory. Latest Ansible 13 - Close bogus CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021619)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021619 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger ...
Linux Distros Unpatched Vulnerability : CVE-2026-8711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg,...
RHEL 8 : libtiff (RHSA-2026:19659)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19659 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrar...
RHEL 9 : thunderbird (RHSA-2026:19462)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19462 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021602)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021602 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave Commit 9eed321cde22 net: lapbether: only support...
Linux Distros Unpatched Vulnerability : CVE-2026-43379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is being accessed after rcu_read_unlock has been...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021538)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021538 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre...
RHEL 10 : thunderbird (RHSA-2026:19463)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19463 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021644)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021644 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are...
Amazon Linux 2023 : firewalld, firewalld-filesystem, firewalld-test (ALAS2023-2026-1636)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1636 advisory. A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This...
Linux Distros Unpatched Vulnerability : CVE-2026-41070
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021642)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021642 advisory. In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register The code in l2tp_tunnel_register is racy in...
Fedora 44 : expat (2026-4ef690dc30)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4ef690dc30 advisory. Rebase to version 2.8.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021624)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021624 advisory. In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally ...
Linux Distros Unpatched Vulnerability : CVE-2026-43293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix kthread worker destruction in polling mode Fix the cleanup order in polling mode irq worklist and...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021561 advisory. In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fake_init In fake_init, root_device_register is possible to fail but it...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021527)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021527 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios As comment of pci_get_class says, it...
Fedora 43 : erlang-cowlib (2026-ce0a56ca97)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ce0a56ca97 advisory. Cowlib 2.16.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021599)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021599 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev Blamed commit accidentally removed a...
RHEL 9 : libtiff (RHSA-2026:19585)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19585 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrar...
Amazon Linux 2023 : rclone (ALAS2023-2026-1658)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1658 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can muta...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021528)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021528 advisory. In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1673)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1673 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021539)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021539 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/type1: prevent underflow of locked_vm via exec When a vfio container is preserved across exec...
Amazon Linux 2023 : docker (ALAS2023-2026-1659)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1659 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin...
RHEL 8 : libtiff (RHSA-2026:19604)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19604 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrar...
Linux Distros Unpatched Vulnerability : CVE-2026-43392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sched_ext: Fix starvation of scx_enable under fair-class saturation During scx_enable, the READY -> ENABLED task switching loop changes the calling thread's...
Fedora 43 : rustup (2026-f8e0fbaa84)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f8e0fbaa84 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...